By Anushree Dave
From January to November, cryptocurrency hackers stole more than $3 billion from victims, reports show
A year of hacks and headline scandals has made 2022 a tough year when it comes to protecting digital assets.
Victims lost $3 billion to cyberattacks in 2022, according to Chainalysis, up from the $2 billion lost in 2021.
Another estimate shows victims of major hacks and scandals lost a total of $4.3 billion, according to data security firm Privacy Affairs. The same report shows that Americans lost $329 million in the first quarter of 2022 alone, long before the collapse of cryptocurrency exchange FTX, during which hackers allegedly drained wallets after it filed for bankruptcy.
Here is a list of many of the major and noteworthy hacks of 2022 and how they occurred, listed in chronological order:
Wormhole Crypto Bridge — $320 million
In February, Wormhole, the name of a protocol that helped facilitate the movement of digital assets from one blockchain to another blockchain network (a blockchain is a digital database underlying cryptocurrencies), was hacked for cryptocurrency worth over $320 million. The hacker found a vulnerability in Wormhole’s smart contract, which allowed the attacker to fraudulently mint a large number of cryptographic tokens.
Jump Crypto, a trading firm and VC, eventually replaced the stolen 120,000 ETH, to support Wormhole.
Axie Infinity: $625 million
In March, hackers stole $625 million worth of crypto assets from the gaming-focused Ronin Network, which was home to a game called Axie Infinity. At its peak in 2021, Axie Infinity’s “play to earn” gaming model allowed gamers in Southeast Asia to make a living just by playing.
But Sky Mavis, the team behind Axie Infinity, noted in a blog post that the hackers were able to steal the validation keys, which allowed them to take over the Ronin network. They stole about 173,000 ether, or about $597 million at the time, and $25 million of USDC stablecoins, for a total of about $625 million, in what is considered the largest decentralized financial exploit to date.
In April, the FBI attributed the attack to the North Korean hacker group Lazarus. The same month, Sky Mavis ended up raising $150 million led by Binance to return the stolen funds to users.
Beanstalk Farms: $182 million
In April, blockchain analytics firm Peck Shield spotted a hack on Beanstalk Farms, a decentralized financial protocol that aimed to balance supply and demand for cryptocurrency assets.
The hacker took advantage of the project’s governance system, which like most DeFi projects is majority-operated. The creators of Beanstalk have made sure that participants can vote to make changes to the code. Participants gained the right to vote based on the proportion to the value of the tokens they held, creating an opportunity for hackers.
The attack was facilitated using a DeFi product called a “flash loan” that allows people to borrow large amounts of cryptocurrencies for a short period of time, sometimes just minutes or seconds. Usually, these are meant to provide liquidity for price arbitrage opportunities, but in Beanstalk’s case, it was used to gain a majority of voting rights and approve the execution of the code that transferred assets to its wallet. The hacker immediately repaid the flash loan, making an estimated $80 million in profit. In PeckShield’s analysis, the company found that Beanstalk Farms had lost a total of $182 million due to the hack.
In October, a flash loan was also used in another attack on the Solana-based lending platform called Mango Markets to funnel over $100 million in customer deposits off the platform. Avraham Eisenberg was arrested in Puerto Rico and is facing charges of fraud and handling of goods, according to a filing made public on Tuesday.
Eisenberg maintained through October, via Twitter, that his actions were legal:
Nomad Bridge Attack — $190 million
In August, Nomad, a bridge that connected various blockchain networks, was hacked for $190 million worth of crypto assets, in the second largest cross-chain bridge attack of the year and the fourth largest DeFi attack in the world. era. The hack was the result of a glitch in Nomad’s smart contract, where the attackers found a vulnerability. Just days before the incident, Nomad revealed in a blog post that major investors such as Coinbase Ventures, OpenSea, and Crypto.com Capital had entered an April funding round for $22 million to help develop an safety .
Wintermute Hack: $160 million
In September, cryptocurrency maker Wintermute was hacked for $160 million in its DeFi operations and the news was tweeted by Evgeny Gaevoy, founder and CEO of Wintermute.
“We’re creditworthy with double that amount in stock left,” he said at the time.
Later, Gaevoy explained to Forbes that the hack likely originated with a service called Profanity, which generates “vanity addresses” for accounts to make them more easily accessible (otherwise, cryptographic accounts are normally accessed via a long series of different letters and numbers). . There was a security vulnerability with Profanity’s code, which may have allowed a hacker with enough computing power to hack into possible keys and passwords.
FTX wallets hacked: 400 million dollars
After cryptocurrency exchange FTX filed for bankruptcy in November, on-chain data showed the exchange’s wallets were losing between $370 million and $400 million in funds. Sam Bankman-Fried, the former chief executive officer of FTX, said in an interview that a former employee or bad actor, who likely stole the private keys to FTX’s crypto wallets, was behind the fund drain. It was later revealed by FTX’s new CEO John J. Ray III that FTX had been storing private keys that weren’t encrypted and overall lacked security.
In congressional testimony in December, Ray said, “Never in my career have I seen such a total failure of corporate controls at all levels of an organization, from a lack of financial reporting to a complete failure of any internal controls or governance.”
Overall, FTX client funds remain unaccounted for at $1 to $2 billion. Bankman-Fried was charged with eight felony counts including fraud, money laundering and campaign finance offences.
Ray, in his testimony, said that while the investigation is ongoing and the detailed findings will take time, “the collapse of the FTX group appears to have resulted from the sheer concentration of control in the hands of a very small group of grossly inexperienced and untrained individuals.” sophisticated people who have failed to implement virtually any system or control necessary for a business entrusted with other people’s money or assets.
(END) Dow Jones Newswires
Copyright (c) 2022 Dow Jones & Company, Inc.